Notes
Update Notes
Update the notes stored for an appointment
PUT
Overview
Update the notes for a specific appointment. The endpoint locates the appointment by ID, then updates the notes document associated with it. All body fields are optional.This operation is scoped to the owning doctor. The appointment identified by
{id} must belong to the authenticated user. A request for an appointment you do not own returns 403 Forbidden, an unknown appointment returns 404 Appointment not found, and an appointment that has no notes yet returns 404 Notes not found.Authentication
Bearer token for authenticated access. The doctor (user) identity is taken from the JWT.
401 with a message field. See Error Responses.
Path Parameters
Appointment ID (MongoDB ObjectId, 24 hex characters) whose notes to update. Must be owned by the authenticated doctor.
Body Parameters
Notes content to set. Omitting the field (or sending an empty string) keeps the existing value — an empty value does not clear the field. Markdown asterisks are stripped server-side before storage.
Summary to set. Omitting the field (or sending an empty string) keeps the existing value.
Optional override for the stored
appointment_id. Keeps the existing value when omitted.Response
Indicates whether the operation succeeded.
The updated notes document.
Error message (only present when
success is false).The
data object is the full saved notes document and may contain additional fields beyond those listed above. Treat any unlisted fields as opaque.Example Request
Example Response
Error Responses
Behavior Notes
- Two-step lookup: The endpoint first finds the appointment, then the notes document associated with it.
- Partial updates: Only provided fields are updated. Omitting a field — or sending an empty string for
notes/summary— preserves the existing value. - Asterisk stripping: Markdown asterisks are removed from
notesbefore storage. - Timestamps:
updatedAtis set automatically when the notes are saved.
Status Codes
- 200 — Notes updated successfully.
- 400 — Save failure.
- 401 — Missing, invalid, or revoked authentication token.
- 403 — Authenticated user does not own the appointment.
- 404 — Appointment not found, or no notes exist for the appointment.